| 1 |
On Sun, 2004-09-26 at 23:52, Duncan wrote: |
| 2 |
> OK, I've been running portage 2.0.51-whatever for several releases, and |
| 3 |
> it's certainly beginning to shape up nicely! Here are some |
| 4 |
> comments/questions/suggestions, FWTW.. |
| 5 |
> |
| 6 |
> 1) The new "spinner" is /very/ cool! |
| 7 |
|
| 8 |
New eye candy? |
| 9 |
|
| 10 |
OOh... and how do I view this new whiz-bang feature of portage? |
| 11 |
|
| 12 |
*grin* |
| 13 |
|
| 14 |
> 2) Documentation is coming alone nicely. |
| 15 |
> |
| 16 |
> It's nice to see updated 2.0.51 versions of the various man pages, now. |
| 17 |
> |
| 18 |
> I'm seeing a couple things missing still, tho. The main one I noticed was |
| 19 |
> the portage (5) manpage doesn't list the new /etc/portage/profile yet. |
| 20 |
> Also, an earlier einfo mentioned /etc/portage/profiles/virtuals while the |
| 21 |
> new inject depreciated message mentions |
| 22 |
> /etc/portage/profile/package.provided. I assume these are supposed to |
| 23 |
> both be the same dir, but don't know whether it's profile or profiles. |
| 24 |
> Granted, a typo or changed policy is fine, but without documentation |
| 25 |
> confirming one or the other as right, I'm left guessing. |
| 26 |
|
| 27 |
profiles |
| 28 |
|
| 29 |
> 3) What about the QA Notices? |
| 30 |
> |
| 31 |
> Evidently .51 is rather stricter in some things than .50 and a number of |
| 32 |
> things are QA Notices now that were silent, before. Are things to the |
| 33 |
> point where it's worthwhile bugging the various ebuilds that emit these |
| 34 |
> notices, illegal eclass inheritance and the like, or are there still |
| 35 |
> enough of them it'd just be unnecessary noise? |
| 36 |
|
| 37 |
I think we're getting close to time to start writing bugs for the |
| 38 |
ebuilds that don't have them already. I would think most of the worst |
| 39 |
offenders already have bugs. |
| 40 |
|
| 41 |
> What about that security notice I've seen pop up a few times? Example: |
| 42 |
> |
| 43 |
> QA Notice: Security risk /usr/bin/crontab. Please consider relinking with |
| 44 |
> 'append-ldflags -Wl,-z,now' to fix. |
| 45 |
> |
| 46 |
> What's this mean? What are the implications? How do I do that relinking |
| 47 |
> if I decide I need to? Can I fix it by enabling a feature in make.conf |
| 48 |
> or do I run a separate command? Either way, there's not enough info there |
| 49 |
> to actually DO it, nor do I even have enough info to rightly evaluate the |
| 50 |
> "security risk"! |
| 51 |
|
| 52 |
Actually, that is more a message for the developer. You can perform the |
| 53 |
same function locally with the LDFLAGS variable in your make.conf, but |
| 54 |
really the package should be fixed by the developer by adding the |
| 55 |
"append-ldflags -Wl,-z,now" to the ebuilds, as stated by the emerge |
| 56 |
process. This has all been since sfperms was added to the default |
| 57 |
FEATURES. |
| 58 |
|
| 59 |
> There's simply not enough there to be anything but a teaser, yet it's |
| 60 |
> labeled security risk. Someone's being *MEAN* with their teasing! =:^\ |
| 61 |
|
| 62 |
Blame solar... if that doesn't work, blame vapier... I'm sure it is his |
| 63 |
fault somehow... |
| 64 |
|
| 65 |
I definitely agree, though. We shouldn't be spewing out "This could |
| 66 |
allow people to own your box" messages without spewing out "...and |
| 67 |
here's how to fix it" messages that are just as easy to understand. |
| 68 |
|
| 69 |
-- |
| 70 |
Chris Gianelloni |
| 71 |
Release Engineering - Operations/QA Manager |
| 72 |
Games - Developer |
| 73 |
Gentoo Linux |
| 74 |
|
| 75 |
Is your power animal a penguin? |
Archives